| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| <configuration> |
| |
| <!-- Blacklist for authorization --> |
| |
| <property> |
| <name>hadoop.kms.blacklist.DECRYPT_EEK</name> |
| <value>hdfs</value> |
| <description> |
| Blacklist for decrypt EncryptedKey |
| CryptoExtension operations |
| </description> |
| </property> |
| |
| <!-- Encryption key Password --> |
| |
| <property> |
| <name>ranger.db.encrypt.key.password</name> |
| <value>Str0ngPassw0rd</value> |
| <description> |
| Password used for encrypting Master Key |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.kms.service.masterkey.password.cipher</name> |
| <value>AES</value> |
| <description> |
| Cipher used for encrypting Master Key |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.kms.service.masterkey.password.size</name> |
| <value>256</value> |
| <description> |
| Size of masterkey |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.kms.service.masterkey.password.salt.size</name> |
| <value>8</value> |
| <description> |
| Salt size to encrypt Master Key |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.kms.service.masterkey.password.salt</name> |
| <value>abcdefghijklmnopqrstuvwxyz01234567890</value> |
| <description> |
| Salt to encrypt Master Key |
| </description> |
| </property> |
| |
| |
| <property> |
| <name>ranger.kms.service.masterkey.password.iteration.count</name> |
| <value>1000</value> |
| <description> |
| Iteration count to encrypt Master Key |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.kms.service.masterkey.password.encryption.algorithm</name> |
| <value>PBEWithMD5AndDES</value> |
| <description> |
| Algorithm to encrypt Master Key |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.kms.service.masterkey.password.md.algorithm</name> |
| <value>SHA</value> |
| <description> |
| Message Digest algorithn to encrypt Master Key |
| </description> |
| </property> |
| |
| <!-- db Details --> |
| |
| <property> |
| <name>ranger.ks.jpa.jdbc.url</name> |
| <value>jdbc:log4jdbc:mysql://localhost:3306/rangerkms</value> |
| <description> |
| URL for Database |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.jpa.jdbc.user</name> |
| <value>kmsadmin</value> |
| <description> |
| Database username used for operation |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.jpa.jdbc.password</name> |
| <value>kmsadmin</value> |
| <description> |
| Database user's password |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.jpa.jdbc.credential.provider.path</name> |
| <value>/tmp/kms.jceks</value> |
| <description> |
| Credential provider path |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.jpa.jdbc.credential.alias</name> |
| <value>ranger.ks.jdbc.password</value> |
| <description> |
| Credential alias used for password |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.masterkey.credential.alias</name> |
| <value>ranger.ks.masterkey.password</value> |
| <description> |
| Credential alias used for masterkey |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.jpa.jdbc.dialect</name> |
| <value>org.eclipse.persistence.platform.database.MySQLPlatform</value> |
| <description> |
| Dialect used for database |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.jpa.jdbc.driver</name> |
| <value>net.sf.log4jdbc.DriverSpy</value> |
| <description> |
| Driver used for database |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.jdbc.sqlconnectorjar</name> |
| <value>/usr/share/java/mysql-connector-java.jar</value> |
| <description> |
| Driver used for database |
| </description> |
| </property> |
| |
| <!-- Ranger KMS Kerberos Config --> |
| <property> |
| <name>ranger.ks.kerberos.principal</name> |
| <value>rangerkms/_HOST@REALM</value> |
| </property> |
| |
| <property> |
| <name>ranger.ks.kerberos.keytab</name> |
| <value></value> |
| </property> |
| |
| <!-- HSM Config --> |
| <property> |
| <name>ranger.ks.hsm.type</name> |
| <value>LunaProvider</value> |
| <description></description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.hsm.enabled</name> |
| <value>false</value> |
| <description></description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.hsm.partition.name</name> |
| <value></value> |
| <description></description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.hsm.partition.password</name> |
| <value></value> |
| <description></description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.hsm.partition.password.alias</name> |
| <value>ranger.kms.hsm.partition.password</value> |
| <description></description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.db.ssl.enabled</name> |
| <value>false</value> |
| </property> |
| <property> |
| <name>ranger.ks.db.ssl.required</name> |
| <value>false</value> |
| </property> |
| <property> |
| <name>ranger.ks.db.ssl.verifyServerCertificate</name> |
| <value>false</value> |
| </property> |
| <property> |
| <name>ranger.ks.db.ssl.auth.type</name> |
| <value>2-way</value> |
| </property> |
| </configuration> |